#!/bin/bash
# ============================================
# Create Secrets for Tableau MCP Server
# ============================================
# Helper script to create secrets in Google Secret Manager
# Usage: ./create-secrets.sh [staging|production]
# ============================================
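# Strict mode: stop on a failed command (-e), on use of an unset variable (-u)
# and when any stage of a pipeline fails (pipefail), so a failed step is never
# followed by a "secret created" message.
set -euo pipefail

# Colors (ANSI escape sequences; expanded by `echo -e` / printf '%b')
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Check arguments: exactly one is required.
if [ "$#" -ne 1 ]; then
  # $0 is passed as data (%s) so backslashes in the script path are printed
  # literally; diagnostics go to stderr.
  printf '%bUsage: %s [staging|production]%b\n' "$RED" "$0" "$NC" >&2
  exit 1
fi

# ENVIRONMENT is later interpolated into secret names, labels and a script
# path, so only the two literal values below are accepted.
ENVIRONMENT=$1
if [[ "$ENVIRONMENT" != "staging" && "$ENVIRONMENT" != "production" ]]; then
  printf '%b%s%b\n' "$RED" "ERROR: Environment must be 'staging' or 'production'" "$NC" >&2
  exit 1
fi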
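echo -e "${BLUE}============================================${NC}"
echo -e "${BLUE}Create Secrets - ${ENVIRONMENT^^}${NC}"
echo -e "${BLUE}============================================${NC}"
echo ""

# Get project
# Under `set -e` a failing gcloud call would end the script with no message
# (its stderr is discarded), so a failure is mapped to an empty project id and
# reported by the check below.
PROJECT_ID=$(gcloud config get-value project 2>/dev/null) || PROJECT_ID=""
if [ -z "$PROJECT_ID" ]; then
  echo -e "${RED}ERROR: No Google Cloud project set${NC}" >&2
  echo "Run: gcloud config set project YOUR_PROJECT_ID" >&2
  exit 1
fi

# Shown before anything is written so the operator can confirm that the
# secrets are going to the intended project and environment.
echo "Project: $PROJECT_ID"
echo "Environment: $ENVIRONMENT"
echo ""

# Enable Secret Manager API
echo -e "${YELLOW}Enabling Secret Manager API...${NC}"
gcloud services enable secretmanager.googleapis.com --project="$PROJECT_ID"
echo -e "${GREEN}✓ API enabled${NC}"
echo ""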
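# Get Tableau token value
echo -e "${YELLOW}Tableau Personal Access Token${NC}"
echo "Enter your Tableau PAT token value:"
echo "(This will not be displayed on screen)"
# -s keeps the token off the terminal; -r stops `read` from treating
# backslashes as escape characters, so the value is stored as typed.
read -rs TABLEAU_TOKEN_VALUE
echo ""
if [ -z "$TABLEAU_TOKEN_VALUE" ]; then
  echo -e "${RED}ERROR: Tableau token value is required${NC}" >&2
  exit 1
fi

# Generate or get MCP API key
echo ""
echo -e "${YELLOW}MCP API Key${NC}"
echo "Options:"
echo " 1. Generate a new random API key (recommended)"
echo " 2. Enter your own API key"
read -rp "Choose option (1 or 2): " KEY_OPTION
case "$KEY_OPTION" in
  1)
    # 32 random bytes from OpenSSL's CSPRNG, base64-encoded.
    MCP_API_KEY=$(openssl rand -base64 32)
    # The value is not echoed here: the final summary prints it once, which
    # avoids leaving a second copy in terminal scrollback or session logs.
    echo -e "${GREEN}✓ Generated API key (shown once in the summary at the end)${NC}"
    ;;
  2)
    echo "Enter your MCP API key:"
    read -rs MCP_API_KEY
    echo ""
    if [ -z "$MCP_API_KEY" ]; then
      echo -e "${RED}ERROR: API key is required${NC}" >&2
      exit 1
    fi
    ;;
  *)
    echo -e "${RED}Invalid option${NC}" >&2
    exit 1
    ;;
esac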
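echo ""
echo "Creating secrets for $ENVIRONMENT environment..."
echo ""

#######################################
# Create a secret in Secret Manager, or add a new version if it already exists.
# Globals:   PROJECT_ID, ENVIRONMENT, YELLOW, GREEN, NC (read)
# Arguments: $1 - secret name
#            $2 - secret value
# Outputs:   progress messages and gcloud output on stdout/stderr
# Returns:   non-zero (aborting the script under `set -e`) if gcloud fails
#######################################
upsert_secret() {
  local name=$1
  local value=$2

  echo -e "${YELLOW}Creating $name...${NC}"
  # The value is written with the printf builtin and handed to gcloud on
  # stdin (--data-file=-), so it never appears in a process argument list.
  # printf '%s' also writes values such as "-n" or "-e" verbatim, which
  # `echo -n` would swallow as options.
  #
  # NOTE: every `describe` failure (not only "not found") takes the create
  # branch; `create` then fails and the script stops there.
  if gcloud secrets describe "$name" --project="$PROJECT_ID" &>/dev/null; then
    echo "Secret $name already exists. Adding new version..."
    # Adding a version does not disable earlier ones: after rotating a
    # credential, the previous version stays readable until it is disabled
    # or destroyed.
    printf '%s' "$value" |
      gcloud secrets versions add "$name" --data-file=- --project="$PROJECT_ID"
  else
    printf '%s' "$value" |
      gcloud secrets create "$name" \
        --data-file=- \
        --replication-policy="automatic" \
        --labels="environment=$ENVIRONMENT,app=tableau-mcp" \
        --project="$PROJECT_ID"
  fi
  echo -e "${GREEN}✓ Created $name${NC}"
}

# Create Tableau token secret
SECRET_NAME="tableau-token-$ENVIRONMENT"
upsert_secret "$SECRET_NAME" "$TABLEAU_TOKEN_VALUE"

# Create MCP API key secret
SECRET_NAME="mcp-api-key-$ENVIRONMENT"
upsert_secret "$SECRET_NAME" "$MCP_API_KEY"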
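echo ""

# Grant access to default compute service account
# NOTE(review): the default compute service account is the identity used by
# workloads in the project that do not set their own, so this binding lets all
# of them read both secrets. A dedicated service account for this service
# would narrow that; confirm which identity the deployment actually runs as.
echo -e "${YELLOW}Granting Cloud Run access to secrets...${NC}"
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)')
if [ -z "$PROJECT_NUMBER" ]; then
  # Without this check the member below would be the malformed
  # "-compute@developer.gserviceaccount.com".
  echo -e "${RED}ERROR: Could not determine project number for $PROJECT_ID${NC}" >&2
  exit 1
fi
SERVICE_ACCOUNT="$PROJECT_NUMBER-compute@developer.gserviceaccount.com"

for granted_secret in "tableau-token-$ENVIRONMENT" "mcp-api-key-$ENVIRONMENT"; do
  # gcloud output is captured rather than discarded: it stays quiet on
  # success, but a failed binding is reported instead of ending the script
  # silently under `set -e`.
  if ! grant_output=$(gcloud secrets add-iam-policy-binding "$granted_secret" \
    --member="serviceAccount:$SERVICE_ACCOUNT" \
    --role="roles/secretmanager.secretAccessor" \
    --project="$PROJECT_ID" 2>&1); then
    echo -e "${RED}ERROR: Failed to grant access to $granted_secret${NC}" >&2
    printf '%s\n' "$grant_output" >&2
    exit 1
  fi
done
echo -e "${GREEN}✓ Access granted${NC}"
echo ""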
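# Summary
echo -e "${GREEN}============================================${NC}"
echo -e "${GREEN}✓ Secrets created successfully!${NC}"
echo -e "${GREEN}============================================${NC}"
echo ""
echo "Created secrets:"
echo " - tableau-token-$ENVIRONMENT"
echo " - mcp-api-key-$ENVIRONMENT"
echo ""
echo "Service account with access:"
echo " - $SERVICE_ACCOUNT"
echo ""
echo "Your MCP API Key (save this for Cursor configuration):"
# The key is printed as data (%s): `echo -e` would interpret backslash
# sequences in a user-supplied key and display something different from the
# value stored in Secret Manager.
# This leaves the key in terminal scrollback and in any session recording;
# clear or protect those after copying it.
printf '%b%s%b\n' "$BLUE" "$MCP_API_KEY" "$NC"
echo ""
echo "Next steps:"
echo " 1. Save your API key securely"
echo " 2. Deploy the service: ./deploy-$ENVIRONMENT.sh"
echo " 3. Configure Cursor with the API key (Phase 7)"
echo ""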